ZAP Error [java.net.ConnectException]: Connection refused (Connection refused) - Browser unable to access ZAP instance deployed in minikube.

Svsn K

May 31, 2020, 12:54:53 AM
to OWASP ZAP User Group
Hello Zap Experts!

I am trying to set up zap in minikube and trying to access it from a browser.  Unfortunately I am getting the following error:

ZAP Error [java.net.ConnectException]: Connection refused (Connection refused)


However, I am able to connect to the zap port successfully from within the cluster/minikube.


Can you please see what I did wrong?


Thanks in advance,

Svsn




###### deployment.yaml #######################

apiVersion: apps/v1
kind: Deployment
metadata:
  name: zap-global
spec:
  replicas: 1
  selector:
    matchLabels:
      run: zap-global
  template:
    metadata:
      labels:
        run: zap-global
    spec:
      containers:
        - name: zap-global
          command: ["zap.sh", "-daemon", "-port", "8094", "-host", "0.0.0.0", "-config", "api.key=12345", "-config", "api.disablekey=true", "-config", "api.addrs.addr.name=.*", "-config", "api.addrs.addr.regex=true"]
          image: owasp/zap2docker-stable
          imagePullPolicy: Always
          ports:
          - containerPort: 8094
            protocol: TCP
          lifecycle:
            postStart:
              exec:
                command: ["/bin/sh", "-c", "mkdir /zap/wrk"]

$kubectl apply -f deployment.yaml


###### LoadBalancer config ######################

$kubectl expose deployment zap-global --type=LoadBalancer --port=8094

 

 

######## Accessing zap from minikube ############

$ minikube ssh

docker@minikube:~$ curl 172.18.0.5:8094

<head>

<title>ZAP API UI</title>

</head>

<body>

<h1>Welcome to the OWASP Zed Attack Proxy (ZAP)</h1><p>ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.</p><p></p><p>Please be aware that you should only attack applications that you have been specifically been given permission to test.</p><h2>Proxy Configuration</h2><p>To use ZAP effectively it is recommended that you configure your browser to proxy via ZAP.</p><p></p><p>You can do that manually or by configuring your browser to use the generated <a href="/OTHER/core/other/proxy.pac/?apinonce=63342165ec57097c">PAC file</a>.</p><h2>Links</h2><li><a href="/UI">Local API</a></li><li><a href="https://www.zaproxy.org/">ZAP Homepage</a></li><li><a href="https://groups.google.com/group/zaproxy-users">ZAP User Group</a></li><li><a href="https://groups.google.com/group/zaproxy-develop">ZAP Developer Group</a></li><li><a href="https://github.com/zaproxy/zaproxy/issues">Report an issue</a></li></body>

 

 

######## Accessing zap from browser ############

#Expose LB thru minikube

$minikube service zap-global --url

🏃  Starting tunnel for service zap-global.
|-----------|------------|-------------|------------------------|
| NAMESPACE |    NAME    | TARGET PORT |          URL           |
|-----------|------------|-------------|------------------------|
| default   | zap-global |             | http://127.0.0.1:55767 |
|-----------|------------|-------------|------------------------|
http://127.0.0.1:55767
  Because you are using a Docker driver on darwin, the terminal needs to be open to run it.

 

#############Open URL (http://127.0.0.1:55767) in browser################

 

ZAP Error [java.net.ConnectException]: Connection refused (Connection refused)
 
 
Stack Trace:
java.net.ConnectException: Connection refused (Connection refused)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:607)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
        at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:125)
        at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:728)
        at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:449)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:201)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.parosproxy.paros.network.HttpSender.executeMethod(HttpSender.java:418)
        at org.parosproxy.paros.network.HttpSender.runMethod(HttpSender.java:653)
        at org.parosproxy.paros.network.HttpSender.send(HttpSender.java:609)
        at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:585)
        at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:573)
        at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:478)
        at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:448)
        at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:564)
        at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:335)
        at java.lang.Thread.run(Thread.java:748)

 

Svsn K

May 31, 2020, 6:33:30 PM
to OWASP ZAP User Group

Hello Experts!


I turned on the zap logging and got the following logs in the console:



378504 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.model.SiteMap  - findChild Sites / http://127.0.0.1:57488

378506 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.socket.timeout = 20000

378506 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.connection.timeout = 20000

378506 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.connection.stalecheck = true

378507 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}

378507 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.connection-manager.max-total = 200000

378508 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.socket.timeout = 20000

378508 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.connection.timeout = 20000

378508 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.connection.stalecheck = true

378509 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.connection-manager.max-per-host = {HostConfiguration[]=10000}

378509 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.connection-manager.max-total = 200000

378510 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.allow-circular-redirects = true

378510 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.allow-circular-redirects = true

378511 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.single-cookie-header = true

378511 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.single-cookie-header = true

378511 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter method.connect.default.user.agent = Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

378511 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter method.connect.default.user.agent = Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

378512 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.cookie-policy = ignoreCookies

378512 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.cookie-policy = ignoreCookies

378512 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.cookie-policy = ignoreCookies

378512 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.cookie-policy = ignoreCookies

378512 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.network.HttpSender  - sendAndReceive GET http://127.0.0.1:57488/ start

378512 [ZAP-ProxyThread-9] DEBUG org.zaproxy.zap.extension.httpsessions.HttpSessionsSite  - No session tokens for: 127.0.0.1:57488

378513 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.network.HttpSender  - Sending message to: http://127.0.0.1:57488/

378514 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.version = HTTP/1.0

378514 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.version = HTTP/1.1

378515 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.MultiThreadedHttpConnectionManager  - HttpConnectionManager.getConnection:  config = HostConfiguration[host=http://127.0.0.1:57488], timeout = 0

378515 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.MultiThreadedHttpConnectionManager  - Allocating new connection, hostConfig=HostConfiguration[host=http://127.0.0.1:57488]

378515 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Open connection to 127.0.0.1:57488

378517 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Closing the connection.

378517 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - I/O exception (java.net.ConnectException) caught when processing request: Connection refused (Connection refused)

378518 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Connection refused (Connection refused)

java.net.ConnectException: Connection refused (Connection refused)
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
        at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
        at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
        at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
        at java.net.Socket.connect(Socket.java:607)
        at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.commons.httpclient.protocol.ReflectionSocketFactory.createSocket(ReflectionSocketFactory.java:140)
        at org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory.createSocket(DefaultProtocolSocketFactory.java:125)
        at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:728)
        at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
        at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:449)
        at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:201)
        at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
        at org.parosproxy.paros.network.HttpSender.executeMethod(HttpSender.java:418)
        at org.parosproxy.paros.network.HttpSender.runMethod(HttpSender.java:653)
        at org.parosproxy.paros.network.HttpSender.send(HttpSender.java:609)
        at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:585)
        at org.parosproxy.paros.network.HttpSender.sendAuthenticated(HttpSender.java:573)
        at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:478)
        at org.parosproxy.paros.network.HttpSender.sendAndReceive(HttpSender.java:448)
        at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:564)
        at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:335)
        at java.lang.Thread.run(Thread.java:748)

378524 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - Retrying request

378524 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Open connection to 127.0.0.1:57488

378525 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Closing the connection.

378525 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - I/O exception (java.net.ConnectException) caught when processing request: Connection refused (Connection refused)

378525 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Connection refused (Connection refused)

378525 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - Retrying request

378526 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Open connection to 127.0.0.1:57488

378526 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Closing the connection.

378526 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - I/O exception (java.net.ConnectException) caught when processing request: Connection refused (Connection refused)

378526 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Connection refused (Connection refused)

378527 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - Retrying request

378527 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Open connection to 127.0.0.1:57488

378527 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Closing the connection.

378528 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Method retry handler returned false. Automatic recovery will not be attempted

378528 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Releasing connection back to connection manager.

378528 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.MultiThreadedHttpConnectionManager  - Freeing connection, hostConfig=HostConfiguration[host=http://127.0.0.1:57488]

378528 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.util.IdleConnectionHandler  - Adding connection at: 1590964268416

378528 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.MultiThreadedHttpConnectionManager  - Notifying no-one, there are no waiting threads

378528 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.network.HttpSender  - sendAndReceive GET http://127.0.0.1:57488/ took 16

378528 [ZAP-ProxyThread-9] DEBUG org.zaproxy.zap.extension.httpsessions.HttpSessionsSite  - No session tokens for: 127.0.0.1:57488

378676 [Thread-10] DEBUG org.parosproxy.paros.model.SiteMap  - addPath http://127.0.0.1:57488/

378683 [Thread-10] DEBUG org.parosproxy.paros.model.SiteMap  - findAndAddChild Sites / http://127.0.0.1:57488

378684 [Thread-10] DEBUG org.parosproxy.paros.model.SiteMap  - findChild Sites / http://127.0.0.1:57488

378684 [Thread-10] DEBUG org.zaproxy.zap.eventBus.SimpleEventBus  - publishSyncEvent href.added from org.parosproxy.paros.extension.history.ProxyListenerLogEventPublisher

378748 [ZAP-PassiveScanner] DEBUG org.zaproxy.zap.extension.pscan.PassiveScanData  - No Context found for: http://127.0.0.1:57488/

378958 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.model.SiteMap  - findChild Sites / http://127.0.0.1:57488

378958 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.model.SiteMap  - findChild http://127.0.0.1:57488 / GET:favicon.ico

378958 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.network.HttpSender  - sendAndReceive GET http://127.0.0.1:57488/favicon.ico start

378959 [ZAP-ProxyThread-9] DEBUG org.zaproxy.zap.extension.httpsessions.HttpSessionsSite  - No session tokens for: 127.0.0.1:57488

378959 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.network.HttpSender  - Sending message to: http://127.0.0.1:57488/favicon.ico

378959 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.version = HTTP/1.0

378959 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.params.DefaultHttpParams  - Set parameter http.protocol.version = HTTP/1.1

378959 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.MultiThreadedHttpConnectionManager  - HttpConnectionManager.getConnection:  config = HostConfiguration[host=http://127.0.0.1:57488], timeout = 0

378959 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.MultiThreadedHttpConnectionManager  - Getting free connection, hostConfig=HostConfiguration[host=http://127.0.0.1:57488]

378959 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Open connection to 127.0.0.1:57488

378960 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Closing the connection.

378960 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - I/O exception (java.net.ConnectException) caught when processing request: Connection refused (Connection refused)

378960 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Connection refused (Connection refused)

378961 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - Retrying request

378961 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Open connection to 127.0.0.1:57488

378961 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Closing the connection.

378961 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - I/O exception (java.net.ConnectException) caught when processing request: Connection refused (Connection refused)

378961 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Connection refused (Connection refused)

378963 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - Retrying request

378963 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Open connection to 127.0.0.1:57488

378963 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Closing the connection.

378964 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - I/O exception (java.net.ConnectException) caught when processing request: Connection refused (Connection refused)

378964 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Connection refused (Connection refused)

378967 [ZAP-ProxyThread-9] INFO org.apache.commons.httpclient.HttpMethodDirector  - Retrying request

378967 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Open connection to 127.0.0.1:57488

378968 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Closing the connection.

378968 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpMethodDirector  - Method retry handler returned false. Automatic recovery will not be attempted

378968 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.HttpConnection  - Releasing connection back to connection manager.

378968 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.MultiThreadedHttpConnectionManager  - Freeing connection, hostConfig=HostConfiguration[host=http://127.0.0.1:57488]

378968 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.util.IdleConnectionHandler  - Adding connection at: 1590964268856

378969 [ZAP-ProxyThread-9] DEBUG org.apache.commons.httpclient.MultiThreadedHttpConnectionManager  - Notifying no-one, there are no waiting threads

378969 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.network.HttpSender  - sendAndReceive GET http://127.0.0.1:57488/favicon.ico took 11

378969 [ZAP-ProxyThread-9] DEBUG org.zaproxy.zap.extension.httpsessions.HttpSessionsSite  - No session tokens for: 127.0.0.1:57488

381474 [ZAP-ProxyThread-9] DEBUG org.parosproxy.paros.core.proxy.ProxyThread  - Timed out while reading a new HTTP request.

398507 [ZAP-ProxyThread-10] WARN org.parosproxy.paros.core.proxy.ProxyThread  - Socket timeout while reading first message.

398508 [ZAP-ProxyThread-10] DEBUG org.parosproxy.paros.core.proxy.ProxyThread  - java.net.SocketTimeoutException: Read timed out

java.net.SocketTimeoutException: Read timed out

at java.net.SocketInputStream.socketRead0(Native Method)

at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)

at java.net.SocketInputStream.read(SocketInputStream.java:171)

at java.net.SocketInputStream.read(SocketInputStream.java:141)

at java.io.BufferedInputStream.fill(BufferedInputStream.java:246)

at java.io.BufferedInputStream.read1(BufferedInputStream.java:286)

at java.io.BufferedInputStream.read(BufferedInputStream.java:345)

at java.io.FilterInputStream.read(FilterInputStream.java:107)

at org.parosproxy.paros.core.proxy.ProxyThread.isSslTlsHandshake(ProxyThread.java:251)

at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:292)

at java.lang.Thread.run(Thread.java:748)

Simon Bennetts

Jun 1, 2020, 4:46:52 AM6/1/20
to OWASP ZAP User Group
ZAP Error [java.net.ConnectException]: Connection refused (Connection refused)

This means that ZAP was unable to connect to the target URL.
This is almost certainly a networking problem in your environment and nothing to do with ZAP.

Try using another command to connect to the target, such as 'curl', from the command line where you are running ZAP. If that fails as well then it's an environmental problem.

srivatsn00

Jun 1, 2020, 10:40:06 AM6/1/20
to zaprox...@googlegroups.com
Hi Simon,

I can see the request from the is reaching the ZAP server through the Minikube loadbalancer but the error reported is in the ZAP server side.  I am reaching out to this group to see if anyone else has seen and solved the issue.  I have shared all my configuration and I have reached a dead end 😒

Regards,
Svsn

psiinon

Jun 1, 2020, 10:44:11 AM6/1/20
to zaprox...@googlegroups.com
That's an outgoing request from ZAP.
Are you saying that you can see the request going out from ZAP, reaching the target, and the response then getting back to ZAP?
Have you tried connecting to the target from another tool like curl?



--
OWASP ZAP Project leader

srivatsn00

Jun 1, 2020, 10:52:47 AM6/1/20
to zaprox...@googlegroups.com
Does the API server spin off a worker process on a different port to handle the request?  In my Minikube only the port 8094 is exposed.  Do I need to open any other port?  Please see my Kubernetes deployment config.



Regards,
Srivatsan

Simon Bennetts

Jun 1, 2020, 10:59:06 AM6/1/20
to OWASP ZAP User Group
No, ZAP is just one java process.

I've not set up Kubernetes so the config files mean nothing to me.

Have you tried accessing the target using curl from the same box as ZAP?

srivatsn00

Jun 1, 2020, 12:56:14 PM6/1/20
to zaprox...@googlegroups.com
Yes, the ZAP URL is accessible from within Minikube.  The same URL gives the "connection refused" error when accessed from outside Minikube.

Svsn K

Jun 1, 2020, 2:10:17 PM6/1/20
to OWASP ZAP User Group
Hi Psiinon,

Yes, I tried accessing the URL using curl from both within the cluster and from the host machine. It works from within the cluster but it doesn't work from the host machine when accessed through the LB, even though I can see the request reaching the ZAP server through the LB.  Here are the outputs:

#Start Zap Server as a daemon

 

zap@zap-global-2-7d76d59f9-w6ns8:/zap$ zap.sh -daemon -port 8094 -host 0.0.0.0 -config api.key=12345 -config api.disablekey=true -config api.addrs.addr.name=172.18.0.* -config api.addrs.addr.regex=true

Found Java version 1.8.0_242

Available memory: 1991 MB

Using JVM args: -Xmx497m

0 [main] INFO org.zaproxy.zap.DaemonBootstrap  - OWASP ZAP 2.9.0 started 01/06/20 17:58:51 with home /home/zap/.ZAP/

81 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.key = 12345 was 12345

84 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.disablekey = true was true

86 [main] INFO org.parosproxy.paros.common.AbstractParam  - Setting config api.addrs.addr.name = 172.18.0.* was .*

6159 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Adds the Quick Start panel for scanning and exploring applications

6166 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Add the option to use the Ajax Spider in the Quick Start scan

6171 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Launch browsers proxying through ZAP

6175 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Launch browsers proxying through ZAP

6194 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Heads Up Display

6327 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing ExtensionHUDlaunch

6340 [ZAP-daemon] INFO org.parosproxy.paros.extension.ExtensionLoader  - Initializing Passive Scan Rules

6611 [ZAP-daemon] INFO org.zaproxy.zap.extension.callback.ExtensionCallback  - Started callback server on 0.0.0.0:32969

7005 [ZAP-daemon] INFO org.zaproxy.zap.DaemonBootstrap  - ZAP is now listening on 0.0.0.0:8094

 

 

#Access ZAP API from minikube

docker@minikube:~$ echo $HTTP_PROXY

 

docker@minikube:~$ echo $http_proxy

 

docker@minikube:~$ curl 172.18.0.8:8094

<head>

<title>ZAP API UI</title>

</head>

<body>

<h1>Welcome to the OWASP Zed Attack Proxy (ZAP)</h1><p>ZAP is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications.</p><p></p><p>Please be aware that you should only attack applications that you have been specifically been given permission to test.</p><h2>Proxy Configuration</h2><p>To use ZAP effectively it is recommended that you configure your browser to proxy via ZAP.</p><p></p><p>You can do that manually or by configuring your browser to use the generated <a href="/OTHER/core/other/proxy.pac/?apinonce=be0c003ee950f5">PAC file</a>.</p><h2>Links</h2><li><a href="/UI">Local API</a></li><li><a href="https://www.zaproxy.org/">ZAP Homepage</a></li><li><a href="https://groups.google.com/group/zaproxy-users">ZAP User Group</a></li><li><a href="https://groups.google.com/group/zaproxy-develop">ZAP Developer Group</a></li><li><a href="https://github.com/zaproxy/zaproxy/issues">Report an issue</a></li></body>

docker@minikube:~$ 

 

#Access ZAP API from host machine. (here port 60457 is the LB port for the zap @ 172.18.0.8:8094 inside the cluster)

$  curl http://127.0.0.1:60457

Thanks

Svsn


thc...@gmail.com

Jun 1, 2020, 4:05:41 PM6/1/20
to zaprox...@googlegroups.com
Hi.

Does the LB rewrite the request to match ZAP's port? Otherwise ZAP will
not know that the request is to itself and will forward it.

Best regards.

srivatsn00

Jun 1, 2020, 4:52:56 PM6/1/20
to zaprox...@googlegroups.com
Yes, LB is set up to forward the requests to ZAP on port 8094 on the node.


thc...@gmail.com

Jun 2, 2020, 4:38:17 AM6/2/20
to zaprox...@googlegroups.com
Hi.

Just forwarding is not enough, the request also needs to be rewritten.

Best regards.

On 01/06/2020 21:52, srivatsn00 wrote:
> Yes, LB is setup to forward the requests to ZAP on port 8094 on the node.

Svsn K

Jun 2, 2020, 4:25:16 PM6/2/20
to OWASP ZAP User Group
I am able to proxy through ZAP in my setup.  It is only that I am not able to access the API server to do, for example, an active scan.

>unset http_proxy
>unset https_proxy
>curl localhost:32517
ZAP Error [java.net.ConnectException]: Connection refused (Connection refused)

>set http_proxy localhost:32517
>set https_proxy localhost:32517
return www.example home page.

So I do not believe it has anything to do with the LB or nodeport.  Zap seems to be returning an error because it is blocking connection based on some criteria and I don't know what that is. 

Svsn K

Jun 2, 2020, 10:05:39 PM6/2/20
to OWASP ZAP User Group
Hurray! I got ZAP to work in my minikube env.  For the benefit of fellow zappers, I am sharing my cheatsheet here:

Steps to deploy OWASP-ZAP in minikube

  1. Start by inspecting your current Kubernetes deployments:

    $kubectl get svc,pod,deployments

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   3d1h

  2. Inspect the sample deployment owasp-zap.xml file below. This file contains the Deployment and Service definitions for deploying OWASP ZAP in your Kubernetes cluster (if you are copying to a file on Windows, make sure you get rid of control characters introduced by web portals or else you will see some weird errors in the next step):

    $cat owasp-zap.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: owasp-zap
spec:
  replicas: 1
  selector:
    matchLabels:
      run: owasp-zap
  template:
    metadata:
      labels:
        run: owasp-zap
    spec:
      containers:
        - name: owasp-zap
          command: ["zap.sh", "-daemon", "-port", "8094", "-host", "0.0.0.0", "-config", "api.key=12345", "-config", "api.disablekey=true", "-config", "api.addrs.addr.name=.*", "-config", "api.addrs.addr.regex=true"]
          image: owasp/zap2docker-stable
          imagePullPolicy: IfNotPresent
          ports:
          - containerPort: 8080
            protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: owasp-zap
  labels:
    run: owasp-zap
spec:
  type: NodePort
  ports:
  - port: 80
    targetPort: 8080
    protocol: TCP
    name: http
  selector:
    run: owasp-zap

  3. Create the ZAP resources in Kubernetes:

    $kubectl apply -f owasp-zap.yaml

deployment.apps/owasp-zap created
service/owasp-zap created

  4. Verify the resources are created and running (if you are creating the resource for the first time, it may take a while for pulling the docker image from the internet. You will have to wait a little bit for the pod to get to the ‘Running’ state):

    $kubectl get svc,po,deployments

NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
service/kubernetes   ClusterIP   10.96.0.1       <none>        443/TCP        3d1h
service/owasp-zap    NodePort    10.98.106.166   <none>        80:31055/TCP   46s

NAME                            READY   STATUS    RESTARTS   AGE
pod/owasp-zap-79d578d65-59n42   1/1     Running   0          46s

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/owasp-zap   1/1     1            1           46s

  5. Expose the nodeport in minikube (if you are doing this exercise using the Kubernetes in Docker Desktop, then you can skip this step).  The command prompt will not return. Do not ctrl-c this process.  Leave this terminal alone and do step 6 in a separate terminal or you can Ctrl-z and bg this process.

    $minikube service owasp-zap --url

🏃  Starting tunnel for service owasp-zap.
|-----------|-----------|-------------|------------------------|
| NAMESPACE |   NAME    | TARGET PORT |          URL           |
|-----------|-----------|-------------|------------------------|
| default   | owasp-zap |             | http://127.0.0.1:57034 |
|-----------|-----------|-------------|------------------------|
  Because you are using a Docker driver on darwin, the terminal needs to be open to run it.

  6. Testing your ZAP deployment.
    In another terminal set the http_proxy and https_proxy environment variables to use the proxy (http://127.0.0.1:57034) to the owasp-zap service:

<!doctype html>

<html>

<head>

    <title>Example Domain</title>

           …

</head>

 

<body>

<div>

    <h1>Example Domain</h1>

    <p>This domain is for use in illustrative examples in documents. You may use this

    domain in literature without prior coordination or asking for permission.</p>

    <p><a href="https://www.iana.org/domains/example">More information...</a></p>

</div>

</body>

</html>

{"scan":"0"}

Happy Scanning!


Svsn

Svsn K

Jun 2, 2020, 10:13:20 PM6/2/20
to OWASP ZAP User Group
Steps 5,6 got truncated due to google groups limitations (for full instructions see attachment)
  1. <see my earlier post on this thread>
  2. <see my earlier post on this thread>
  3. <see my earlier post on this thread>
  4. <see my earlier post on this thread>

zap_in_minikube_instructions.txt

Simon Bennetts

Jun 3, 2020, 4:59:17 AM6/3/20
to OWASP ZAP User Group
Good to hear you've got it working now - thanks for letting us know!

What were the key steps that you were missing before?

thc...@gmail.com

Jun 3, 2020, 5:08:57 AM6/3/20
to zaprox...@googlegroups.com
Hi.

To clarify, that error is not ZAP blocking a connection, it means that
it failed to connect to the host/port when forwarding a request.

ZAP only answers to API requests on addresses/ports that it's listening
to, so if they don't match ZAP assumes it is a request to forward.

Best regards.
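
The rule described in the reply above (ZAP answers a request as an API call only when the address and port it is addressed to match what ZAP listens on, and forwards everything else), as an added Python model that is not ZAP's code and not from the thread. The listening port and the pod and tunnel addresses come from the thread's output; the local-address set, the sample requests and the function names are assumptions made for illustration.

```python
from __future__ import annotations
from urllib.parse import urlsplit

# From the thread: ZAP started with -host 0.0.0.0 -port 8094 in a pod at 172.18.0.8.
LISTEN_PORT = 8094
# Assumption: with 0.0.0.0 every local address of the pod counts as "ZAP itself".
LOCAL_ADDRS = {"127.0.0.1", "localhost", "172.18.0.8"}

# Constructed sample requests (not captured traffic).
INSIDE = "GET / HTTP/1.1\r\nHost: 172.18.0.8:8094\r\n\r\n"       # curl from minikube
VIA_TUNNEL = "GET / HTTP/1.1\r\nHost: 127.0.0.1:60457\r\n\r\n"   # curl from the host
REWRITTEN = "GET / HTTP/1.1\r\nHost: 127.0.0.1:8094\r\n\r\n"     # Host rewritten by the LB
PROXIED = "GET http://www.example.com/ HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def request_target(raw_request: str) -> tuple[str, int]:
    """Return the (host, port) a plain HTTP/1.1 request is addressed to."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    _method, uri, _version = head[0].split(" ", 2)
    if uri.startswith("http://"):
        # Absolute-form URI: what a client sends when it uses ZAP as its proxy.
        authority = urlsplit(uri).netloc
    else:
        # Origin-form URI: the target is whatever the Host header says.
        hosts = [line.split(":", 1)[1].strip() for line in head[1:]
                 if line.lower().startswith("host:")]
        if not hosts:
            raise ValueError("request has no Host header")
        authority = hosts[0]
    host, _, port = authority.partition(":")  # IPv6 literals are out of scope here
    return host.lower(), int(port) if port else 80


def classify(raw_request: str) -> tuple[str, str | None]:
    """Return ("api", None) or ("forward", "host:port") for one request."""
    host, port = request_target(raw_request)
    if host in LOCAL_ADDRS and port == LISTEN_PORT:
        return ("api", None)
    # Not addressed to the listener: treated as a proxy request and forwarded.
    # For VIA_TUNNEL that means connecting to 127.0.0.1:60457 from inside the
    # pod, where nothing listens, hence "Connection refused".
    return ("forward", f"{host}:{port}")


if __name__ == "__main__":
    for name in ("INSIDE", "VIA_TUNNEL", "REWRITTEN", "PROXIED"):
        print(f"{name:10} -> {classify(globals()[name])}")
```

The `VIA_TUNNEL` case lines up with the `Open connection to 127.0.0.1:57488` entry in the debug log earlier in the thread: the forward target is the tunnel's host-side port, which does not exist inside the pod.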